Cyber-security internals of a Skoda Octavia vRS: a hands on approach

Urquhart, Colin, Bellekens, Xavier ORCID logoORCID: https://orcid.org/0000-0003-1849-5788, Tachtatzis, Christos ORCID logoORCID: https://orcid.org/0000-0001-9150-6805, Atkinson, Robert ORCID logoORCID: https://orcid.org/0000-0002-6206-2229, Hindy, Hanan ORCID logoORCID: https://orcid.org/0000-0002-5195-8193 and Seeam, Amar ORCID logoORCID: https://orcid.org/0000-0001-8203-1545 (2019) Cyber-security internals of a Skoda Octavia vRS: a hands on approach. IEEE Access, 7 . pp. 146057-146069. ISSN 2169-3536 [Article] (doi:10.1109/ACCESS.2019.2943837)

[img]
Preview
PDF - Published version (with publisher's formatting)
Available under License Creative Commons Attribution 4.0.

Download (3MB) | Preview

Abstract

The convergence of information technology and vehicular technologies are a growing paradigm, allowing information to be sent by and to vehicles. This information can further be processed by the Electronic Control Unit (ECU) and the Controller Area Network (CAN) for in-vehicle communications or through a mobile phone or server for out-vehicle communication. Information sent by or to the vehicle can be life-critical (e.g. breaking, acceleration, cruise control, emergency communication, etc … ). As vehicular technology advances, in-vehicle networks are connected to external networks through 3 and 4G mobile networks, enabling manufacturer and customer monitoring of different aspects of the car. While these services provide valuable information, they also increase the attack surface of the vehicle, and can enable long and short range attacks. In this manuscript, we evaluate the security of the 2017 Skoda Octavia vRS 4x4. Both physical and remote attacks are considered, the key fob rolling code is successfully compromised, privacy attacks are demonstrated through the infotainment system, the Volkswagen Transport Protocol 2.0 is reverse engineered. Additionally, in-car attacks are highlighted and described, providing an overlook of potentially deadly threats by modifying ECU parameters and components enabling digital forensics investigation are identified.

Item Type: Article
Theme:
Research Areas: A. > School of Science and Technology > Computer Science
Item ID: 36106
Notes on copyright: This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see http://creativecommons.org/licenses/by/4.0/
Depositing User: Amar Kumar Seeam
Date Deposited: 05 Oct 2022 11:17
Last Modified: 10 Oct 2022 11:45
URI: https://eprints.mdx.ac.uk/id/eprint/36106

Actions (login required)

View Item View Item

Statistics

Activity Overview
6 month trend
0Downloads
6 month trend
0Hits

Additional statistics are available via IRStats2.